Two malicious Python packages, deepseeek and deepseekai, were recently discovered on the Python Package Index (PyPI) repository. These packages were designed to collect sensitive user data, including API keys, credentials, and access tokens stored in environment variables. Exploiting the popularity of AI and machine learning tools, they targeted developers who were particularly interested in integrating these technologies into their projects. The payload activated once users executed commands associated with the packages, facilitating the theft of critical information.
The malicious packages used Pipedream, a developer integration platform, to transmit the stolen data back to their command-and-control server. This technique highlights a growing trend in cybercrime where attackers exploit trending technologies to deceive users into downloading malicious software. The deepseek and deepseekai packages were uploaded on January 29, 2025, but their true nature was discovered within hours, prompting swift action from security teams. Despite this rapid response, the packages were downloaded 222 times from various countries, including the U.S., China, Russia, and Germany.
The campaign, while not highly sophisticated, underscores the increasing risk posed by cybercriminals who take advantage of the rapid growth and interest in AI tools.
The attack chain was short, with both packages removed from PyPI within an hour of being flagged. However, the widespread downloads of these packages before removal highlight how quickly these threats can spread. Developers who downloaded these malicious packages could have unknowingly exposed sensitive data, potentially leading to serious security breaches.
PyPI administrators responded quickly to the findings, removing the malicious packages from the repository and preventing further damage. The discovery of the attack was made possible through real-time monitoring tools like PT PyAnalysis, which tracks suspicious activity on PyPI. This incident serves as a reminder for developers to carefully vet the packages they integrate into their workflows and to remain vigilant about potential threats within the software supply chain. Automated tools and due diligence are essential in minimizing the risks posed by such attacks.